This bill enhances cybersecurity measures in Kansas by consolidating cybersecurity services under the chief information security officer for each branch of government. It removes the expiration provisions from existing cybersecurity legislation, ensuring that the requirements for cybersecurity programs remain in effect indefinitely. The bill amends several statutes, including K.S.A. Supp. 40-110, 75-413, 75-623, 75-710, and 75-711, while repealing outdated or redundant sections. Key provisions include the establishment of chief information security officers in the judicial and legislative branches, who will develop cybersecurity programs in compliance with the National Institute of Standards and Technology's Cybersecurity Framework and ensure that all employees complete annual cybersecurity training.

The bill mandates that all cybersecurity services for state government branches be administered by the respective chief information technology and security officers starting July 1, 2027. It requires the integration of executive branch IT services and the establishment of a compliance plan for cybersecurity standards. Additionally, it includes provisions for reporting compliance failures and maintaining the confidentiality of audit results, with the previous expiration date of July 1, 2026, for certain sections removed, allowing these provisions to remain in effect indefinitely.

Statutes affected:
As introduced: 40-110, 45-215, 75-413, 75-623, 75-710, 75-711, 75-7203, 75-7245, 75-7206a, 75-7208a, 76-711, 75-7246